Hi, I was examining a mobile phone today and ran into a huge problem with UFED.
When I tried to do an iTunes backup on the device it just stops and complains about not having a connection to the phone. The funny part is that the AFC-extraction completes without any problems and so does the XRY Logical examination.
I'm trying to run a filedump of the iPhone because I have to get the mails which are stored on the phone.
So I'm wondering if anyone has got an idea to crack this problem?
I've tried rebooting the computer and the phone, changing computers, changing cables and so on, but now I'm stuck and fresh out of ideas.
Thanks for the help in advance!
Hello,
One trick is to use iTunes itself to make a mobile backup of the iPhone with a known password, such as "password".
Apparently creating a password-protected iTunes mobile backup removes encryption that would otherwise be present in a non-password-protected mobile backup.
Once you have your password-protected mobile backup created by iTunes, you can then use a variety of tools to recover data from the mobile backup itself, such as Lantern/Oxygen etc.
Hej Per,
Even if you do get UFED working, it won't get you any email data from an iPhone 5S.
- Lars
You'll need to jailbreak in order to extract email, and even then you'll have a ton of truncated emails. I've written to Cellebrite about this common issue with no solution.
For e-mails you either have to do a jailbreak or you can print single e-mails via AirPrint. There is also software available which emulates an AirPrint server and saves each mail as a PDF.
As to the iPhone 5s, I could come up with a few solutions:
1. See if there are any laptops or PCs/Macs you could seize from the suspect's place. The secret plist is in the Lockdown folder because his/her iPhone 5s could have been connected to a laptop/PC/Mac. Once you have the plist, you could get everything from that iPhone 5s.
2. There may be some iTunes backups on his/her laptop/PC/Mac, so you could use some tool (e.g. EPPB) to deal with them.
3. There may be some backups on iCloud, so you could use some tool (e.g. EPPB) to deal with them.
4. Find out the passcode - Based on human nature, the passcode he/she uses is often info about himself/herself. Try those combinations first. Second, create a dictionary from his/her laptop/PC/Mac by using EnCase/FTK; this will be the most powerful dictionary attack toward him/her, still based on human nature…